Дата публикации: | 10.04.2012 |
Дата изменения: | 01.05.2014 |
Всего просмотров: | 9121 |
Опасность: | Критическая |
Наличие исправления: | Да |
Количество уязвимостей: | 1 |
CVSSv2 рейтинг: | 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:O/RC:C) |
CVE ID: | CVE-2012-0158 |
Вектор эксплуатации: | Удаленная |
Воздействие: | Компрометация системы |
CWE ID: | Нет данных |
Наличие эксплоита: | Активная эксплуатация уязвимости |
Уязвимые продукты: |
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2002 Microsoft Commerce Server 2007 Microsoft Commerce Server 2009 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2003 Web Components Microsoft Office 2007 Microsoft Office 2010 Microsoft SQL Server 2000 Microsoft SQL Server 2000 Analysis Services Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 2008 Microsoft Visual Basic 6.x Microsoft Visual FoxPro 8.x Microsoft Visual FoxPro 9.x |
Уязвимые версии: Microsoft Office 2003 Microsoft Office 2003 Web Components Service Pack 3 Microsoft Office 2007 Service Pack 2 Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 (32-bit editions) Microsoft Office 2010 Service Pack 1 (32-bit editions) Microsoft SQL Server 2000 Analysis Services Service Pack 4 Microsoft SQL Server 2000 Service Pack 4 Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4 Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4 Microsoft SQL Server 2005 for x64-based Systems Service Pack 4 Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2 Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3 Microsoft SQL Server 2008 for x64-based Systems Service Pack 2 Microsoft SQL Server 2008 for x64-based Systems Service Pack 3 Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2 Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3 Microsoft SQL Server 2008 R2 for 32-bit Systems Microsoft SQL Server 2008 R2 for x64-based Systems Microsoft SQL Server 2008 R2 for Itanium-based Systems Microsoft BizTalk Server 2002 Service Pack 1 Microsoft Commerce Server 2002 Service Pack 4 Microsoft Commerce Server 2007 Service Pack 2 Microsoft Commerce Server 2009 Microsoft Commerce Server 2009 R2 Microsoft Visual FoxPro 8.0 Service Pack 1 Microsoft Visual FoxPro 9.0 Service Pack 2 Visual Basic 6.0 Runtime Описание: Уязвимость существует из-за ошибки в MSCOMCTL.TreeView, MSCOMCTL.ListView2, MSCOMCTL.TreeView2 и MSCOMCTL.ListView компонентах (MSCOMCTL.OCX). Удаленный пользователь может с помощью специально сформированной Web-страницы вызвать повреждение памяти и выполнить произвольный код на целевой системе. Примечание: уязвимость активно эксплуатируется в настоящее время. URL производителя: www.microsoft.com Решение: Установите исправление с сайта производителя. |
|
Microsoft Office 2003 Service Pack 3: Microsoft Office 2003 Web Components Service Pack 3: Microsoft Office 2007 Service Pack 2: Microsoft Office 2007 Service Pack 3: Microsoft Office 2010 (32-bit editions): Microsoft Office 2010 Service Pack 1 (32-bit editions): Microsoft SQL Server 2000 Analysis Services Service Pack 4: Microsoft SQL Server 2000 Service Pack 4: Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4: Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4: Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4: Microsoft SQL Server 2005 for x64-based Systems Service Pack 4: Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2: Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3: Microsoft SQL Server 2008 for x64-based Systems Service Pack 2: Microsoft SQL Server 2008 for x64-based Systems Service Pack 3: Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2: Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3: Microsoft SQL Server 2008 R2 for 32-bit Systems: Microsoft SQL Server 2008 R2 for x64-based Systems: Microsoft SQL Server 2008 R2 for Itanium-based Systems: Microsoft BizTalk Server 2002 Service Pack 1: Microsoft Commerce Server 2002 Service Pack 4: Microsoft Commerce Server 2007 Service Pack 2: Microsoft Commerce Server 2009: Microsoft Commerce Server 2009 R2: Microsoft Visual FoxPro 8.0 Service Pack 1: Microsoft Visual FoxPro 9.0 Service Pack 2: Visual Basic 6.0 Runtime: |
|
Ссылки: |
MS12-027: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) MS12-027 MSCOMCTL ActiveX Buffer Overflow Exploit (meta) |
Журнал изменений: | a:2:{s:4:"TEXT";s:36:"28.04.2012 Добавлен эксплоит.";s:4:"TYPE";s:4:"html";} |